Friday, 6 January 2006

The Script Kiddie

What is Script Kiddie ?

A person, normally someone who is not technologically sophisticated, who randomly seeks out a specific weakness over the Internet in order to gain root access to a system without really understanding what it is s/he is exploiting because the weakness was discovered by someone else. A script kiddie is not looking to target specific information or a specific company but rather uses knowledge of a vulnerability to scan the entire Internet for a victim that possesses that vulnerability.

Script Kiddie also referred to a person who relies on premade exploit programs and files (”scripts”) to conduct his hacking, and refuses to bother to learn how they work. The script kiddie flies in the face of all that the hacker subculture stands for - the pursuit of knowledge, respect for skills, and motivation to self-teach are just three of the hacker ideals that the script kiddie ignores. While anyone can be a script kiddie, generally they are teenagers who want the power of the hacker without the discipline or training involved. Obviously anyone who follows this route aspires to be a blackhat, but most refuse to even dignify them with this term; “blackhat” generally implies having skills of your own.

It is generally assumed that script kiddies are juveniles who lack the ability to write sophisticated hacking programs or exploits on their own, and that their objective is to try to impress their friends or gain credit in computer-enthusiast communities.


From around 1995 on, the widespread use of the Internet in the business and home computer field, and the full disclosure movement’s policy of disclosing working exploitation tools has led to an enormous growth of the script kiddie scene.

Script kiddies often act out of boredom, curiosity or a desire to ‘play war’ on the Internet. There are many organized script kiddie groups, who often meet in anonymous chat channels such as IRC.
Script kiddies are always looking for new exploits which are unknown to the public, and hence particularly effective. Such exploits are leaked from research labs or given to script kiddies by insiders; they are then used to compromise a large number of hosts on the Internet. Script kiddies are often young, and can evolve into honest programmers later in life.

In 1999, NetBus (a software program for remotely controlling a Microsoft Windows computer system over a network as a backdoor.) was used by script kiddie to plant child pornography on the work computer of Magnus Eriksson, a law scholar at Lund University, Sweden. About 3,500 images were discovered by system administrators, and Eriksson was assumed to have downloaded them knowingly. Eriksson lost his research position at the faculty, and following the publication of his name fled the country and had to seek professional medical care to cope with the stress. He was acquitted from criminal charges in late 2004, as a court found that NetBus had been used to control his computer.

No comments:

Post a Comment